MongoDB Database Resource Specification
Note
At any place on this page that says Ops Manager, you can substitute Cloud Manager.
The MongoDB Enterprise Kubernetes Operator creates Kubernetes StatefulSets from specification files that you write.
The Kubernetes Operator creates MongoDB-specific resources in Kubernetes as custom resources.
To manage these custom resources, use the following process:
- Create or update a MongoDB resource specification.
- Direct MongoDB Enterprise Kubernetes Operator to apply it to your Kubernetes environment.
As a result, Kubernetes Operator performs these actions:
- Creates the defined StatefulSets, services and other Kubernetes resources.
- Updates the Ops Manager deployment configuration to reflect changes.
Deployment Type | StatefulSets | Size of StatefulSet |
---|---|---|
Standalone | 1 | 1 Pod |
Replica Set | 1 | 1 Pod per member |
Sharded Cluster | <numberOfShards> + 2 | 1 Pod per mongos, shard, or config server member |

Each MongoDB resource uses an object specification in YAML to define the characteristics and settings of the MongoDB object: standalone, replica set, and sharded cluster.
Common Resource Settings
Every resource type must use the following settings:
Required
- apiVersion
  Type: string
  Version of the MongoDB resource schema.
- kind
  Type: string
  Kind of MongoDB resource to create. Set this to MongoDB.
- metadata.name
  Type: string
  Name of the MongoDB resource that you create. Resource names must be 44 characters or less.
- spec.credentials
  Type: string
  Required. Name of the Kubernetes secret you created as Ops Manager API authentication credentials for the Kubernetes Operator to communicate with Cloud Manager or Ops Manager.
  The Ops Manager Kubernetes Secret object holding the Credentials must exist on the same Namespace as the resource you want to create.
  Operator manages changes to the Secret
  The Kubernetes Operator tracks any changes to the Secret and reconciles the state of the MongoDB resource.
- spec.persistent
  Type: boolean
  Default: True
  Warning
  Grant your containers permission to write to your Persistent Volume. The Kubernetes Operator sets fsGroup = 2000, runAsUser = 2000, and runAsNonRoot = true in securityContext. Kubernetes Operator sets fsgroup equal to runAsUser to make the volume writable for a user that runs the main process in the container. To learn more, see Configure a Security Context for a Pod or Container and the related discussion in the Kubernetes documentation. If redeploying the resource doesn’t fix issues with your Persistent Volume, contact MongoDB Support.
  Note
  If you do not use Persistent Volumes, the Disk Usage and Disk IOPS charts cannot be displayed in either the Processes tab on the Deployment page or in the Metrics page when reviewing the data for this deployment.
- spec.type
  Type: string
  Type of MongoDB resource to create. Accepted values are:
  - Standalone
  - ReplicaSet
  - ShardedCluster
- spec.version
  Type: string
  Version of MongoDB that you installed on this MongoDB resource.
  Important
  Ensure that you choose a compatible MongoDB Server version.
  Compatible versions differ depending on the base image that the MongoDB database resource uses.
  Note
  If you update this value to a later version of MongoDB for your database resources, the Feature Compatibility Version (FCV) changes automatically to this version unless you set spec.featureCompatibilityVersion to the original version. Consider setting spec.featureCompatibilityVersion to the original version to give yourself the option to downgrade if necessary.
Conditional
Every resource must use one of the following settings:
- spec.opsManager.configMapRef.name
  Type: string
  Name of the ConfigMap with the Cloud Manager or Ops Manager connection configuration. The spec.cloudManager.configMapRef.name setting is an alias for this setting and can be used in its place.
  Note
  This value must exist on the same namespace as the resource you want to create.
  Operator manages changes to the ConfigMap
  The Kubernetes Operator tracks any changes to the ConfigMap and reconciles the state of the MongoDB resource.
- spec.cloudManager.configMapRef.name
  Type: string
  Alias for spec.opsManager.configMapRef.name.
Optional
Every resource type may use the following settings:
- spec.featureCompatibilityVersion
  Type: string
  Limits changes to data that occur with an upgrade to a new major version. This allows you to downgrade to the previous major version. To learn more about feature compatibility, see setFeatureCompatibilityVersion in the MongoDB Manual.
- spec.clusterDomain
  Type: string
  Default: cluster.local
  Domain name of the Kubernetes cluster where you deploy the Kubernetes Operator. When Kubernetes creates a StatefulSet, Kubernetes assigns each Pod a FQDN. To update Cloud Manager or Ops Manager, the Kubernetes Operator calculates the FQDN for each Pod using a provided cluster name. Kubernetes doesn’t provide an API to query these hostnames.
  Warning
  You must set spec.clusterDomain if your Kubernetes cluster has a default domain other than the default cluster.local. If you neither use the default nor set the spec.clusterDomain option, the Kubernetes Operator might not function as expected.
- spec.clusterName
  Type: string
  Default: cluster.local
  spec.clusterName is Deprecated
  Use spec.clusterDomain instead.
  Domain name of the Kubernetes cluster where you deploy the Kubernetes Operator. When Kubernetes creates a StatefulSet, Kubernetes assigns each Pod a FQDN. To update Cloud Manager or Ops Manager, the Kubernetes Operator calculates the FQDN for each Pod using a provided cluster name. Kubernetes doesn’t provide an API to query these hostnames.
  Warning
  You must set spec.clusterDomain if your Kubernetes cluster has a default domain other than the default cluster.local. If you neither use the default nor set the spec.clusterDomain option, the Kubernetes Operator might not function as expected.
- metadata.namespace
  Type: string
  Kubernetes namespace where you create this MongoDB resource and other objects.
- spec.service
  Type: string
  Default: <resource_name>+"-svc" and <resource_name>+"-svc-external"
  spec.service is Deprecated
  Use spec.statefulSet.spec.serviceName instead.
  Name of the Kubernetes service to be created or used for a StatefulSet. If the service with this name already exists, the MongoDB Enterprise Kubernetes Operator does not delete or recreate it. This setting lets you create your own custom services and lets the Kubernetes Operator reuse them.
- spec.logLevel
  Type: string
  Default: INFO
  Configures the level of Automation Agent logging inside the Pod. Accepted values include:
  - DEBUG
  - INFO
  - WARN
  - ERROR
  - FATAL
- spec.security.authentication.ignoreUnknownUsers
  Type: boolean
  Default: false
  Determines whether you can modify database users that were not configured through the Kubernetes Operator, or the Cloud Manager or Ops Manager user interface.
  To manage database users directly through the mongod or mongos, set this setting to true.
Deployment-Specific Resource Settings
Other settings you can and must use in a MongoDB resource specification depend upon which MongoDB deployment item you want to create:
Standalone Settings
Note
All of the Standalone Settings also apply to replica set resources.
- spec.additionalMongodConfig
  Type: collection
  Additional configuration options with which you want to start MongoDB processes.
  The Kubernetes Operator supports all configuration options that the MongoDB version you deploy through the MongoDB Agent supports, except that the Kubernetes Operator overrides values that you provide for any of the following options:
  - net.port
  - net.tls.certificateKeyFile
  - net.tls.clusterFile
  - net.tls.PEMKeyFile
  - replication.replSetName
  - security.clusterAuthMode
  - sharding.clusterRole
  - storage.dbPath
  - systemLog.destination
  - systemLog.path
  To learn more about the configuration options that the Kubernetes Operator owns, see MongoDB Kubernetes Operator Exclusive Settings.
  To learn which configuration options you can use, see Advanced Options for MongoDB Deployments in the Ops Manager documentation.
- spec.agent
  Type: collection
  MongoDB Agent configuration settings for MongoDB database resource.
- spec.agent.startupOptions
  Type: collection
  MongoDB Agent settings with which you want to start MongoDB database resource.
  You must provide MongoDB Agent settings as key-value pairs. The values must be strings.
  For a list of supported MongoDB Agent settings, see:
  - MongoDB Agent Settings for Cloud Manager projects.
  - MongoDB Agent Settings for the Ops Manager version you deployed with the Kubernetes Operator.
- spec.externalAccess
  Type: collection
  Specification to expose your cluster for external connections. To learn how to connect to your MongoDB resource from outside of the Kubernetes cluster, see Connect to a MongoDB Database Resource from Outside Kubernetes.
  If you add spec.externalAccess, the Kubernetes Operator creates an external service for each Pod in a replica set. External services provide an external entry point for each MongoDB database Pod in a cluster. Each external service has selectors that match the external service to a specific Pod.
  If you add this setting without any values, the Kubernetes Operator creates an external service with the following default values:
  Field | Value | Description |
  ---|---|---|
  Name | <pod-name>-svc-external | Name of the external service. You can’t change this value. |
  Type | LoadBalancer | Creates an external LoadBalancer service. |
  Port | <Port Number> | A port for mongod. |
  publishNotReadyAddress | true | Specifies that DNS records are created even if the Pod isn’t ready. Do not set to false for any database Pod. |
  Note
  If you set spec.externalAccess.externalDomain, the external service adds another port (Port Number + 1) for backups.
- spec.externalAccess.externalService
  Type: collection
  Specification for overriding the default values in spec.externalAccess.
  When you set the spec.externalAccess setting, the Kubernetes Operator automatically creates an external load balancer service with default values. You can override certain values or add new values depending on your needs. For example, if you intend to create NodePort services and don’t need a load balancer, you must configure overrides in your Kubernetes specification:
  For more information about the Kubernetes specification, see ServiceSpec in the Kubernetes documentation.
- spec.externalAccess.externalService.annotations
  Type: collection
  Key-value pairs that let you add cloud provider-specific configuration settings to all clusters in your deployment.
  To learn more about annotations, see the Kubernetes documentation and the documentation for your Kubernetes cloud provider.
- spec.externalAccess.externalService.spec
  Type: collection
  Configuration for the ServiceSpec. To learn more, see spec.externalAccess.externalService.
- spec.podSpec.nodeAffinity
  Type: Struct
  Kubernetes rule to place Pods for standalone database on a specific range of nodes.
- spec.podSpec.persistence.single
  Type: collection
  Has Kubernetes Operator create one Persistent Volume Claim and mount all three directories for data, journal, and logs to the same Persistent Volume.
  Note
  - You must set the values in this collection if spec.persistent: true.
  - You may set this collection or the persistence.multiple collections but not both.
  Scalar | Data Type | Description |
  ---|---|---|
  labelSelector | string | Tag used to bind mounted volumes to directories. |
  storage | string | Minimum size of Persistent Volume that should be mounted. This value is expressed as an integer followed by a unit of storage in JEDEC notation. Default value is 16Gi. Example: If standalone deployment in requires 60 gigabytes of storage space, set this value to 60Gi. |
  storageClass | string | Type of storage specified in a Persistent Volume Claim. You may create this storage type as a StorageClass object before using it in this object specification. Note: Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed. |
- spec.podSpec.persistence.multiple.data
  Type: collection
  Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for data to its own Persistent Volume.
  Note
  - You must set the values in this collection if spec.persistent: true.
  - You may set this collection or the persistence.single collection but not both.
  Scalar | Data Type | Description |
  ---|---|---|
  labelSelector | string | Tag used to bind mounted volumes to directories. |
  storage | string | Minimum storage capacity that must be available on a Kubernetes node to host standalone deployment on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation. Default value is 16Gi. Example: If this MongoDB resource requires 60 gigabytes of storage space, set this value to 60Gi. |
  storageClass | string | Type of storage needed for standalone deployment. You may create this storage type as a StorageClass object before using it in this object specification. Note: Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed. |
- spec.podSpec.persistence.multiple.journal
  Type: collection
  Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for journal to its own Persistent Volume.
  Note
  - You must set the values in this collection if spec.persistent: true.
  - You may set this collection or the persistence.single collection but not both.
  Scalar | Data Type | Description |
  ---|---|---|
  labelSelector | string | Tag used to bind mounted volumes to directories. |
  storage | string | Minimum storage capacity that must be available on a Kubernetes node to host standalone deployment on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation. Default value is 1Gi. Example: If this MongoDB resource requires 60 gigabytes of storage space, set this value to 60Gi. |
  storageClass | string | Type of storage needed for standalone deployment. You may create this storage type as a StorageClass object before using it in this object specification. Note: Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed. |
- spec.podSpec.persistence.multiple.logs
  Type: collection
  Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for logs to its own Persistent Volume.
  Note
  - You must set the values in this collection if spec.persistent: true.
  - You may set this collection or the persistence.single collection but not both.
  Scalar | Data Type | Description |
  ---|---|---|
  labelSelector | string | Tag used to bind mounted volumes to directories. |
  storage | string | Minimum storage capacity that must be available on a Kubernetes node to host standalone deployment on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation. Default value is 3Gi. Example: If this MongoDB resource requires 60 gigabytes of storage space, set this value to 60Gi. |
  storageClass | string | Type of storage needed for standalone deployment. You may create this storage type as a StorageClass object before using it in this object specification. Note: Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed. |
- spec.podSpec.podAffinity
  Type: Struct
  Kubernetes rule to determine whether multiple MongoDB resource Pods must be co-located with other Pods. To learn more about the use cases, see the affinity section of the Kubernetes documentation.
- spec.podSpec.podTemplate
  Type: collection
  Template for the Kubernetes Pods that the MongoDB Enterprise Kubernetes Operator creates for MongoDB database resources.
  Template values take precedence over values specified in spec.podSpec.
  Note
  The Kubernetes Operator doesn’t validate the fields you provide in spec.podSpec.podTemplate.
- spec.podSpec.podTemplate.metadata
  Type: collection
  Metadata for the Kubernetes Pods that the MongoDB Enterprise Kubernetes Operator creates for MongoDB database resources.
  To review which fields you can add to spec.podSpec.podTemplate.metadata, see the Kubernetes documentation.
- spec.podSpec.podTemplate.spec
  Type: collection
  Specifications of the Kubernetes Pods that the MongoDB Enterprise Kubernetes Operator creates for MongoDB database resources.
  To review which fields you can add to spec.podSpec.podTemplate.spec, see the Kubernetes PodSpec v1 core API.
  Note
  When you add containers to spec.podSpec.podTemplate.spec.containers, the Kubernetes Operator adds them to the Kubernetes pod. These containers are appended to MongoDB database resources containers in the pod.
  Use this setting to specify the CPU and RAM allocations for each pod. For examples, see the samples on GitHub.
Replica Set Settings
Note
All of the Standalone Settings also apply to replica set resources.
The following settings apply only to replica set resource types:
- spec.backup
  Type: collection
  The collection container for spec.backup.mode, which enables continuous backups for MongoDB resources in Kubernetes Operator.
- spec.backup.assignmentLabels
  Type: array
  A comma-separated list of labels to assign backup daemons, oplog stores, blockstores, S3 snapshot stores, and file system stores to specific projects or groups. Use assignment labels to identify that specific backup stores are associated with particular projects.
  If you set assignment labels using the Kubernetes Operator, the values that you set in the Kubernetes configuration file for assignment labels override the values defined in the Ops Manager UI. Assignment labels that you don’t set using the Kubernetes Operator continue to use the values set in the Ops Manager UI.
  Note
  If you set this parameter, the API key linked with the value of spec.credentials must have a Global Owner role.
- spec.backup.mode
  Type: string
  Enables continuous backups for a MongoDB resource. Possible values are enabled, disabled, and terminated.
  Note
  The spec.backup.mode setting relies on Backup that is enabled in the Ops Manager and requires that spec.backup.enabled value in the Ops Manager resource specification is set to true.
  After you enable continuous backups for your MongoDB resource with spec.backup.mode, you can check the backup status.
- spec.backup.autoTerminateOnDeletion
  Type: boolean
  Flag that controls whether the Kubernetes Operator stops and terminates the backup when you delete a MongoDB resource. If omitted, the default value is false. Setting this flag to true is useful when you want to delete the MongoDB custom resource while the spec.backup.mode setting is set to enabled.
- spec.backup.encryption
  Type: object
  Object that contains the backup encryption configuration settings.
- spec.backup.encryption.kmip
  Type: object
  Object that contains the KMIP backup encryption configuration settings. To learn more, see Configure KMIP Backup Encryption for Ops Manager.
- spec.backup.encryption.kmip.client
  Type: object
  Object that contains the KMIP backup encryption client configuration settings.
- spec.backup.encryption.kmip.client.clientCertificatePrefix
  Type: string
- spec.backup.snapshotSchedule
  Type: collection
  Collection container for snapshot schedule settings for continuous backups for MongoDB resources in Kubernetes Operator.
- spec.backup.snapshotSchedule.snapshotIntervalHours
  Type: number
  Number of hours between snapshots. You can set a value of 6, 8, 12, or 24.
- spec.backup.snapshotSchedule.snapshotRetentionDays
  Type: number
  Number of days to keep recent snapshots. You can set a value between 2 and 5, inclusive.
- spec.backup.snapshotSchedule.dailySnapshotRetentionDays
  Type: number
  Number of days to keep daily snapshots. You can set a value between 1 and 365, inclusive. Setting the value to 0 disables this rule.
- spec.backup.snapshotSchedule.weeklySnapshotRetentionWeeks
  Type: number
  Number of weeks to keep weekly snapshots. You can set a value between 1 and 52, inclusive. Setting the value to 0 disables this rule.
- spec.backup.snapshotSchedule.monthlySnapshotRetentionMonths
  Type: number
  Number of months to keep monthly snapshots. You can set a value between 1 and 36, inclusive. Setting the value to 0 disables this rule.
- spec.backup.snapshotSchedule.pointInTimeWindowHours
  Type: number
  Number of hours in the past for which you can create a point-in-time snapshot.
- spec.backup.snapshotSchedule.referenceHourOfDay
  Type: number
  UTC hour of the day to schedule snapshots using a 24 hour clock. You can set a value between 0 and 23, inclusive.
- spec.backup.snapshotSchedule.referenceMinuteOfHour
  Type: number
  UTC minute of the hour to schedule snapshots. You can set a value between 0 and 59, inclusive.
- spec.backup.snapshotSchedule.fullIncrementalDayOfWeek
  Type: string
  Day of the week when Ops Manager takes a full snapshot. This setting ensures a recent complete backup. Ops Manager sets the default value to SUNDAY.
- spec.clusterDomain
  Type: string
  Default: cluster.local
  Domain name of the Kubernetes cluster where you deploy the Kubernetes Operator. When Kubernetes creates a StatefulSet, Kubernetes assigns each Pod a FQDN. To update Cloud Manager or Ops Manager, the Kubernetes Operator calculates the FQDN for each Pod using a provided cluster name. Kubernetes doesn’t provide an API to query these hostnames.
  Warning
  You must set spec.clusterDomain if your Kubernetes cluster has a default domain other than the default cluster.local. If you neither use the default nor set the spec.clusterDomain option, the Kubernetes Operator might not function as expected.
- spec.clusterName
  Type: string
  Default: cluster.local
  spec.clusterName is Deprecated
  Use spec.clusterDomain instead.
  Domain name of the Kubernetes cluster where you deploy the Kubernetes Operator. When Kubernetes creates a StatefulSet, Kubernetes assigns each Pod a FQDN. To update Cloud Manager or Ops Manager, the Kubernetes Operator calculates the FQDN for each Pod using a provided cluster name. Kubernetes doesn’t provide an API to query these hostnames.
  Warning
  You must set spec.clusterDomain if your Kubernetes cluster has a default domain other than the default cluster.local. If you neither use the default nor set the spec.clusterDomain option, the Kubernetes Operator might not function as expected.
- spec.connectivity.replicaSetHorizons
  Type: collection
  Allows you to provide different DNS settings for client applications and the MongoDB Agents. The Kubernetes Operator uses split horizon DNS for replica set members. This feature allows communication both within the Kubernetes cluster and from outside Kubernetes.
  You may add multiple external mappings per host.
  Split Horizon Requirements
  - Make sure that each value in this array is unique.
  - Make sure that the number of entries in this array matches the value given in spec.members.
  - Provide a value for the spec.security.certsSecretPrefix setting to enable TLS. This method to use split horizons requires the Server Name Indication extension of the TLS protocol.
  - Configure the routing for external hostnames.
  Example
  In this example, the replica set members communicate amongst themselves on the example-localhost horizon. Clients communicate with the replica set using the example-website horizon.
- spec.externalAccess.externalDomain
  Type: string
  An external domain used to externally expose your replica set deployment.
  By default, each replica set member uses the Kubernetes Pod’s FQDN (*.svc.cluster.local) as the default hostname. However, if you add an external domain to this setting, the replica set uses a hostname that is a subdomain of the specified domain instead. This hostname uses the following format:
  <replica-set-name>-<pod-idx>.<externalDomain>
  For example:
  replica-set-1.example.com
  After you deploy the replica set with this setting, the Kubernetes Operator uses the hostname with the external domain to override the processes[n].hostname field in the Ops Manager automation configuration. Then, the MongoDB Agent uses this hostname to connect to mongod.
  To specify other hostnames for connecting to the replica set, you can use the spec.connectivity.replicaSetHorizons setting. However, the following connections still use the hostname with the external domain:
- spec.featureCompatibilityVersion
  Type: string
  Limits changes to data that occur with an upgrade to a new major version. This allows you to downgrade to the previous major version. To learn more about feature compatibility, see setFeatureCompatibilityVersion in the MongoDB Manual.
- spec.members
  Type: integer
  Required. Number of Members of the Replica Set.
- spec.memberConfig
  Type: collection
  Specification for each MongoDB replica set member deployed from the MongoDB resource.
  The order of the elements in the array must reflect the order of members in the replica set. For example, the first element of the array affects the Pod at index 0, the second element affects index 1, and so on.
  Example
  Consider the following example specification for a three-member replica set:
- spec.memberConfig.priority
  Type: string
  Number that indicates the relative likelihood of a MongoDB replica set member to become the primary.
  - To increase the relative likelihood that a replica set member becomes the primary, specify a higher priority value.
  - To decrease the relative likelihood that a replica set member becomes the primary, specify a lower priority value.
  For example, a member with a memberConfig.priority of 1.5 is more likely than a member with a memberConfig.priority of 0.5 to become the primary.
  A member with a memberConfig.priority of 0 is ineligible to become the primary. To learn more, see Member Priority.
Type: map
Map of replica set tags for directing read and write operations to specific members of your MongoDB replica set.
- spec.memberConfig.votes
  Type: number
  Determines whether a MongoDB replica set member can vote in an election. Set to 1 to allow the member to vote. Set to 0 to exclude the member from an election.
- spec.podSpec.podAntiAffinityTopologyKey
  Type: string
  Default: kubernetes.io/hostname
  Sets a rule to spread MongoDB resource Pods to different locations. A location can be a single node, rack, or region. This key defines which node label is used to determine equal location for nodes. By default, Kubernetes Operator tries to spread pods across different hosts.
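
The constraints stated in the settings above (name length, accepted spec.type values, single versus multiple persistence, snapshot schedule ranges, split horizon requirements, and the default LoadBalancer exposure of spec.externalAccess) can be checked before a manifest is applied. The following is an added example, not code from the MongoDB documentation or the Kubernetes Operator. It assumes the manifest is already parsed into a dict and that each replicaSetHorizons entry maps a horizon name to a host:port; lint_mongodb_resource, get_path and SAMPLE are hypothetical names.

```python
"""Pre-apply lint for a MongoDB custom resource, using rules stated on this page.
Added example: names, messages and SAMPLE are constructed, not the Operator's own.
"""

RESOURCE_TYPES = {"Standalone", "ReplicaSet", "ShardedCluster"}
BACKUP_MODES = {"enabled", "disabled", "terminated"}

# snapshotSchedule field -> (validity test, allowed values as text)
SCHEDULE_RULES = {
    "snapshotIntervalHours": (lambda v: v in (6, 8, 12, 24), "6, 8, 12, or 24"),
    "snapshotRetentionDays": (lambda v: 2 <= v <= 5, "2 to 5"),
    "dailySnapshotRetentionDays": (lambda v: 0 <= v <= 365, "1 to 365, or 0"),
    "weeklySnapshotRetentionWeeks": (lambda v: 0 <= v <= 52, "1 to 52, or 0"),
    "monthlySnapshotRetentionMonths": (lambda v: 0 <= v <= 36, "1 to 36, or 0"),
    "referenceHourOfDay": (lambda v: 0 <= v <= 23, "0 to 23"),
    "referenceMinuteOfHour": (lambda v: 0 <= v <= 59, "0 to 59"),
}


def get_path(obj, dotted, default=None):
    """Walk a dotted path through nested dicts; return default if a hop is missing."""
    for key in dotted.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj


def lint_mongodb_resource(resource):
    """Return (level, path, message) findings; an empty list means no rule was broken."""
    findings = []
    spec = resource.get("spec") or {}

    def add(level, path, message):
        findings.append((level, path, message))

    name = get_path(resource, "metadata.name") or ""
    if not name or len(name) > 44:
        add("error", "metadata.name", "required, 44 characters or less")
    if spec.get("type") not in RESOURCE_TYPES:
        add("error", "spec.type", "must be Standalone, ReplicaSet, or ShardedCluster")
    for field in ("version", "credentials"):
        if not spec.get(field):
            add("error", f"spec.{field}", "required")
    if not (get_path(spec, "opsManager.configMapRef.name")
            or get_path(spec, "cloudManager.configMapRef.name")):
        add("error", "spec.opsManager.configMapRef.name", "set this or the cloudManager alias")

    persistence = get_path(spec, "podSpec.persistence") or {}
    if "single" in persistence and "multiple" in persistence:
        add("error", "spec.podSpec.persistence", "set single or multiple, not both")

    mode = get_path(spec, "backup.mode")
    if mode is not None and mode not in BACKUP_MODES:
        add("error", "spec.backup.mode", "must be enabled, disabled, or terminated")
    for field, value in (get_path(spec, "backup.snapshotSchedule") or {}).items():
        rule = SCHEDULE_RULES.get(field)
        if rule and not (isinstance(value, int) and rule[0](value)):
            add("error", f"spec.backup.snapshotSchedule.{field}", f"allowed: {rule[1]}")

    horizons = get_path(spec, "connectivity.replicaSetHorizons")
    if horizons is not None:
        path = "spec.connectivity.replicaSetHorizons"
        if len(horizons) != spec.get("members"):
            add("error", path, "number of entries must match spec.members")
        # Assumption: each entry maps a horizon name to an external host:port.
        hosts = [host for entry in horizons for host in entry.values()]
        if len(hosts) != len(set(hosts)):
            add("error", path, "each value must be unique")
        if not get_path(spec, "security.certsSecretPrefix"):
            add("error", "spec.security.certsSecretPrefix", "required for split horizon TLS")

    # Exposure: with no override the Operator creates a LoadBalancer service per Pod.
    if "externalAccess" in spec and not get_path(spec, "externalAccess.externalService.spec.type"):
        add("warn", "spec.externalAccess", "defaults to a LoadBalancer service per Pod")
    return findings


# Constructed sample manifest, as parsed from YAML; every value is illustrative.
SAMPLE = {
    "metadata": {"name": "my-replica-set"},
    "spec": {
        "type": "ReplicaSet", "members": 3, "version": "6.0.5-ent",
        "credentials": "my-credentials",
        "opsManager": {"configMapRef": {"name": "my-project"}},
        "podSpec": {"persistence": {"single": {"storage": "60Gi"},
                                    "multiple": {"data": {"storage": "60Gi"}}}},
        "backup": {"mode": "enabled",
                   "snapshotSchedule": {"snapshotIntervalHours": 4, "snapshotRetentionDays": 5}},
        "connectivity": {"replicaSetHorizons": [
            {"example-website": "web1.example.com:30907"},
            {"example-website": "web1.example.com:30907"},
        ]},
        "externalAccess": {},
    },
}

if __name__ == "__main__":
    for level, path, message in lint_mongodb_resource(SAMPLE):
        print(f"{level:5} {path}: {message}")
```

Only rules written on this page are enforced; the Operator itself may accept or reject more than this check does.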
Sharded Cluster Settings
The following settings apply only to sharded cluster resource types:
- spec.backup
  Type: collection
  The collection container for spec.backup.mode, which enables continuous backups for MongoDB resources in Kubernetes Operator.
- spec.backup.assignmentLabels
  Type: array
  A comma-separated list of labels to assign backup daemons, oplog stores, blockstores, S3 snapshot stores, and file system stores to specific projects or groups. Use assignment labels to identify that specific backup stores are associated with particular projects.
  If you set assignment labels using the Kubernetes Operator, the values that you set in the Kubernetes configuration file for assignment labels override the values defined in the Ops Manager UI. Assignment labels that you don’t set using the Kubernetes Operator continue to use the values set in the Ops Manager UI.
  Note
  If you set this parameter, the API key linked with the value of spec.credentials must have a Global Owner role.
- spec.backup.mode
  Type: string
  Enables continuous backups for a MongoDB resource. Possible values are enabled, disabled, and terminated.
  Note
  The spec.backup.mode setting relies on Backup that is enabled in the Ops Manager and requires that spec.backup.enabled value in the Ops Manager resource specification is set to true.
  After you enable continuous backups for your MongoDB resource with spec.backup.mode, you can check the backup status.
- spec.backup.encryption
  Type: object
  Object that contains the backup encryption configuration settings.
- spec.backup.encryption.kmip
  Type: object
  Object that contains the KMIP backup encryption configuration settings. To learn more, see Configure KMIP Backup Encryption for Ops Manager.
- spec.backup.encryption.kmip.client
  Type: object
  Object that contains the KMIP backup encryption client configuration settings.
- spec.backup.encryption.kmip.client.clientCertificatePrefix
  Type: string
- spec.backup.snapshotSchedule
  Type: collection
  Collection container for snapshot schedule settings for continuous backups for MongoDB resources in Kubernetes Operator.
- spec.backup.snapshotSchedule.snapshotIntervalHours
  Type: number
  Number of hours between snapshots. You can set a value of 6, 8, 12, or 24.
- spec.backup.snapshotSchedule.snapshotRetentionDays
  Type: number
  Number of days to keep recent snapshots. You can set a value between 2 and 5, inclusive.
- spec.backup.snapshotSchedule.dailySnapshotRetentionDays
  Type: number
  Number of days to keep daily snapshots. You can set a value between 1 and 365, inclusive. Setting the value to 0 disables this rule.
- spec.backup.snapshotSchedule.weeklySnapshotRetentionWeeks
  Type: number
  Number of weeks to keep weekly snapshots. You can set a value between 1 and 52, inclusive. Setting the value to 0 disables this rule.
- spec.backup.snapshotSchedule.monthlySnapshotRetentionMonths
  Type: number
  Number of months to keep monthly snapshots. You can set a value between 1 and 36, inclusive. Setting the value to 0 disables this rule.
- spec.backup.snapshotSchedule.pointInTimeWindowHours
  Type: number
  Number of hours in the past for which you can create a point-in-time snapshot.
- spec.backup.snapshotSchedule.referenceHourOfDay
  Type: number
  UTC hour of the day to schedule snapshots using a 24 hour clock. You can set a value between 0 and 23, inclusive.
- spec.backup.snapshotSchedule.referenceMinuteOfHour
  Type: number
  UTC minute of the hour to schedule snapshots. You can set a value between 0 and 59, inclusive.
- spec.backup.snapshotSchedule.fullIncrementalDayOfWeek
  Type: string
  Day of the week when Ops Manager takes a full snapshot. This setting ensures a recent complete backup. Ops Manager sets the default value to SUNDAY.
- spec.backup.snapshotSchedule.clusterCheckpointIntervalMin
  Type: number
  Number of minutes between successive cluster checkpoints. This setting applies only to sharded clusters that run MongoDB with FCV of 4.0 or earlier. This number determines the granularity of point-in-time restores for sharded clusters. You can set a value of 15, 30, or 60.
- spec.configServerCount
  Type: integer
  Required. Number of members in the config server.
- spec.configSrv.additionalMongodConfig
  Type: collection
  Additional configuration options with which you want to start each config server member.
  The Kubernetes Operator supports all configuration options that the MongoDB version you deploy through the MongoDB Agent supports, except that the Kubernetes Operator overrides values that you provide for any of the following options:
  - net.port
  - net.tls.certificateKeyFile
  - net.tls.clusterFile
  - net.tls.PEMKeyFile
  - replication.replSetName
  - security.clusterAuthMode
  - sharding.clusterRole
  - storage.dbPath
  - systemLog.destination
  - systemLog.path
  To learn more about the configuration options that the Kubernetes Operator owns, see MongoDB Kubernetes Operator Exclusive Settings.
  To learn which configuration options you can use, see Advanced Options for MongoDB Deployments in the Ops Manager documentation.
- spec.configSrv.agent
  Type: collection
  MongoDB Agent configuration settings for each config server member.
- spec.configSrv.agent.startupOptions
  Type: collection
  MongoDB Agent settings with which you want to start each config server member.
  You must provide MongoDB Agent settings as key-value pairs. The values must be strings.
  For a list of supported MongoDB Agent settings, see:
  - MongoDB Agent Settings for Cloud Manager projects.
  - MongoDB Agent Settings for the Ops Manager version you deployed with the Kubernetes Operator.
-
spec.configSrvPodSpec.persistence.
single
¶ Type: collection
Has Kubernetes Operator create one Persistent Volume Claim and mount all three directories for data, journal, and logs to the same Persistent Volume.
Note
- You must set the values in this collection if spec.persistent: true.
- You may set this collection or the persistence.multiple collections but not both.
Scalar | Data Type | Description |
---|---|---|
labelSelector | string | Tag used to bind mounted volumes to directories. |
storage | string | Minimum size of Persistent Volume that should be mounted. This value is expressed as an integer followed by a unit of storage in JEDEC notation. Default value is 5Gi. Example: If each config server member in requires 60 gigabytes of storage space, set this value to 60Gi. |
storageClass | string | Type of storage specified in a Persistent Volume Claim. You may create this storage type as a StorageClass object before using it in this object specification. Note: Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed. |
-
spec.configSrvPodSpec.persistence.multiple.
data
¶ Type: collection
Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for data to its own Persistent Volume.
Note
- You must set the values in this collection if spec.persistent: true.
- You may set this collection or the persistence.single collection but not both.
Scalar | Data Type | Description |
---|---|---|
labelSelector | string | Tag used to bind mounted volumes to directories. |
storage | string | Minimum storage capacity that must be available on a Kubernetes node to host each config server member on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation. Default value is 16Gi. Example: If this MongoDB resource requires 60 gigabytes of storage space, set this value to 60Gi. |
storageClass | string | Type of storage needed for each config server member. You may create this storage type as a StorageClass object before using it in this object specification. Note: Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed. |
-
spec.configSrvPodSpec.persistence.multiple.
journal
¶ Type: collection
Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for journal to its own Persistent Volume.
Note
- You must set the values in this collection if spec.persistent: true.
- You may set this collection or the persistence.single collection but not both.
Scalar | Data Type | Description |
---|---|---|
labelSelector | string | Tag used to bind mounted volumes to directories. |
storage | string | Minimum storage capacity that must be available on a Kubernetes node to host each config server member on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation. Default value is 1Gi. Example: If this MongoDB resource requires 60 gigabytes of storage space, set this value to 60Gi. |
storageClass | string | Type of storage needed for each config server member. You may create this storage type as a StorageClass object before using it in this object specification. Note: Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed. |
-
spec.configSrvPodSpec.persistence.multiple.
logs
¶ Type: collection
Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for logs to its own Persistent Volume.
Note
- You must set the values in this collection if spec.persistent: true.
- You may set this collection or the persistence.single collection but not both.
Scalar | Data Type | Description |
---|---|---|
labelSelector | string | Tag used to bind mounted volumes to directories. |
storage | string | Minimum storage capacity that must be available on a Kubernetes node to host each config server member on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation. Default value is 3Gi. Example: If this MongoDB resource requires 60 gigabytes of storage space, set this value to 60Gi. |
storageClass | string | Type of storage needed for each config server member. You may create this storage type as a StorageClass object before using it in this object specification. Note: Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed. |
-
spec.configSrvPodSpec.
nodeAffinity
¶ Type: collection
Kubernetes rule to place Pods for each config server member on a specific range of nodes.
-
spec.configSrvPodSpec.
podAffinity
¶ Type: collection
Kubernetes rule to determine whether multiple MongoDB resource Pods must be co-located with other Pods. To learn more about the use cases, see Affinity and Anti-Affinity in the Kubernetes documentation.
-
spec.configSrvPodSpec.
podAntiAffinityTopologyKey
¶ Type: string
Default: kubernetes.io/hostname
Sets a rule to spread
MongoDB
resource Pods to different locations. A location can be a single node, rack, or region. This key defines which node label is used to determine equal location for nodes. By default, Kubernetes Operator tries to spread pods across different hosts.
-
spec.configSrvPodSpec.
podTemplate
¶ Type: collection
Template for the Kubernetes Pods that the MongoDB Enterprise Kubernetes Operator creates for each config server member.
Template values take precedence over values specified in spec.configSrvPodSpec.
Note
The Kubernetes Operator doesn’t validate the fields you provide in spec.configSrvPodSpec.podTemplate.
-
spec.configSrvPodSpec.podTemplate.
metadata
¶ Type: collection
Metadata for the Kubernetes Pods that the MongoDB Enterprise Kubernetes Operator creates for each config server member.
To review which fields you can add to spec.configSrvPodSpec.podTemplate.metadata, see the Kubernetes documentation.
-
spec.configSrvPodSpec.podTemplate.
spec
¶ Type: collection
Specifications of the Kubernetes Pods that the MongoDB Enterprise Kubernetes Operator creates for each config server member.
To review which fields you can add to spec.configSrvPodSpec.podTemplate.spec, see the Kubernetes PodSpec v1 core API.
Note
When you add containers to spec.configSrvPodSpec.podTemplate.spec.containers, the Kubernetes Operator adds them to the Kubernetes pod. These containers are appended to the containers for each config server member in the pod.
Use this setting to specify the CPU and RAM allocations for each pod. For examples, see the samples on GitHub.
-
spec.
mongosCount
¶ Type: integer
Required. Number of
mongos
instances in the sharded cluster.
-
spec.mongos.
additionalMongodConfig
¶ Type: collection
Additional configuration options with which you want to start each mongos instance.
The Kubernetes Operator supports all configuration options that the MongoDB version you deploy through the MongoDB Agent supports, except that the Kubernetes Operator overrides values that you provide for any of the following options:
net.port
net.tls.certificateKeyFile
net.tls.clusterFile
net.tls.PEMKeyFile
replication.replSetName
security.clusterAuthMode
sharding.clusterRole
storage.dbPath
systemLog.destination
systemLog.path
To learn more about the configuration options that the Kubernetes Operator owns, see MongoDB Kubernetes Operator Exclusive Settings.
To learn which configuration options you can use, see Advanced Options for MongoDB Deployments in the Ops Manager documentation.
-
spec.mongos.agent.
startupOptions
¶ Type: collection
MongoDB Agent settings with which you want to start each mongos instance.
You must provide MongoDB Agent settings as key-value pairs. The values must be strings.
For a list of supported MongoDB Agent settings, see:
- MongoDB Agent Settings for Cloud Manager projects.
- MongoDB Agent Settings for the Ops Manager version you deployed with the Kubernetes Operator.
-
spec.mongosPodSpec.
nodeAffinity
¶ Type: collection
Optional. Kubernetes rule to determine if multiple
MongoDB
resource nodes must be co-located with other nodes.
-
spec.mongosPodSpec.
podAffinity
¶ Type: collection
Optional. Kubernetes rule to determine if multiple
MongoDB
resource Pods must be co-located with other Pods.
-
spec.mongosPodSpec.
podAntiAffinityTopologyKey
¶ Type: string
Default: kubernetes.io/hostname
Sets a rule to spread
MongoDB
resource Pods to different locations. A location can be a single node, rack, or region. This key defines which node label is used to determine equal location for nodes. By default, Kubernetes Operator tries to spread pods across different hosts.
-
spec.mongosPodSpec.
podTemplate
¶ Type: collection
Template for the Kubernetes Pods that the MongoDB Enterprise Kubernetes Operator creates for each mongos instance.
Template values take precedence over values specified in spec.mongosPodSpec.
Note
The Kubernetes Operator doesn’t validate the fields you provide in spec.mongosPodSpec.podTemplate.
-
spec.mongosPodSpec.podTemplate.
metadata
¶ Type: collection
Metadata for the Kubernetes Pods that the MongoDB Enterprise Kubernetes Operator creates for each mongos instance.
To review which fields you can add to spec.mongosPodSpec.podTemplate.metadata, see the Kubernetes documentation.
-
spec.mongosPodSpec.podTemplate.
spec
¶ Type: collection
Specifications of the Kubernetes Pods that the MongoDB Enterprise Kubernetes Operator creates for each mongos instance.
To review which fields you can add to spec.mongosPodSpec.podTemplate.spec, see the Kubernetes PodSpec v1 core API.
Note
When you add containers to spec.mongosPodSpec.podTemplate.spec.containers, the Kubernetes Operator adds them to the Kubernetes pod. These containers are appended to the containers for each mongos instance in the pod.
Use this setting to specify the CPU and RAM allocations for each pod. For examples, see the samples on GitHub.
-
spec.
shardCount
¶ Type: integer
Required. Number of shards in the sharded cluster.
-
spec.shard.
additionalMongodConfig
¶ Type: collection
Additional configuration options with which you want to start each sharded cluster shard member.
The Kubernetes Operator supports all configuration options that the MongoDB version you deploy through the MongoDB Agent supports, except that the Kubernetes Operator overrides values that you provide for any of the following options:
net.port
net.tls.certificateKeyFile
net.tls.clusterFile
net.tls.PEMKeyFile
replication.replSetName
security.clusterAuthMode
sharding.clusterRole
storage.dbPath
systemLog.destination
systemLog.path
To learn more about the configuration options that the Kubernetes Operator owns, see MongoDB Kubernetes Operator Exclusive Settings.
To learn which configuration options you can use, see Advanced Options for MongoDB Deployments in the Ops Manager documentation.
-
spec.shard.
agent
¶ Type: collection
MongoDB Agent configuration settings for each sharded cluster shard member.
-
spec.shard.agent.
startupOptions
¶ Type: collection
MongoDB Agent settings with which you want to start each sharded cluster shard member.
You must provide MongoDB Agent settings as key-value pairs. The values must be strings.
For a list of supported MongoDB Agent settings, see:
- MongoDB Agent Settings for Cloud Manager projects.
- MongoDB Agent Settings for the Ops Manager version you deployed with the Kubernetes Operator.
-
spec.shardPodSpec.
nodeAffinity
¶ Type: string
Kubernetes rule to place Pods for each sharded cluster shard member on a specific range of nodes.
-
spec.shardPodSpec.persistence.
single
¶ Type: collection
Has Kubernetes Operator create one Persistent Volume Claim and mount all three directories for data, journal, and logs to the same Persistent Volume.
Note
- You must set the values in this collection if spec.persistent: true.
- You may set this collection or the persistence.multiple collections but not both.
Scalar | Data Type | Description |
---|---|---|
labelSelector | string | Tag used to bind mounted volumes to directories. |
storage | string | Minimum size of Persistent Volume that should be mounted. This value is expressed as an integer followed by a unit of storage in JEDEC notation. Default value is 16Gi. Example: If each sharded cluster shard member in requires 60 gigabytes of storage space, set this value to 60Gi. |
storageClass | string | Type of storage specified in a Persistent Volume Claim. You may create this storage type as a StorageClass object before using it in this object specification. Note: Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed. |
-
spec.shardPodSpec.persistence.multiple.
data
¶ Type: collection
Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for data to its own Persistent Volume.
Note
- You must set the values in this collection if spec.persistent: true.
- You may set this collection or the persistence.single collection but not both.
Scalar | Data Type | Description |
---|---|---|
labelSelector | string | Tag used to bind mounted volumes to directories. |
storage | string | Minimum storage capacity that must be available on a Kubernetes node to host each sharded cluster shard member on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation. Default value is 16Gi. Example: If this MongoDB resource requires 60 gigabytes of storage space, set this value to 60Gi. |
storageClass | string | Type of storage needed for each sharded cluster shard member. You may create this storage type as a StorageClass object before using it in this object specification. Note: Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed. |
-
spec.shardPodSpec.persistence.multiple.
journal
¶ Type: collection
Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for journal to its own Persistent Volume.
Note
- You must set the values in this collection if spec.persistent: true.
- You may set this collection or the persistence.single collection but not both.
Scalar | Data Type | Description |
---|---|---|
labelSelector | string | Tag used to bind mounted volumes to directories. |
storage | string | Minimum storage capacity that must be available on a Kubernetes node to host each sharded cluster shard member on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation. Default value is 1Gi. Example: If this MongoDB resource requires 60 gigabytes of storage space, set this value to 60Gi. |
storageClass | string | Type of storage needed for each sharded cluster shard member. You may create this storage type as a StorageClass object before using it in this object specification. Note: Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed. |
-
spec.shardPodSpec.persistence.multiple.
logs
¶ Type: collection
Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for logs to its own Persistent Volume.
Note
- You must set the values in this collection if spec.persistent: true.
- You may set this collection or the persistence.single collection but not both.
Scalar | Data Type | Description |
---|---|---|
labelSelector | string | Tag used to bind mounted volumes to directories. |
storage | string | Minimum storage capacity that must be available on a Kubernetes node to host each sharded cluster shard member on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation. Default value is 3Gi. Example: If this MongoDB resource requires 60 gigabytes of storage space, set this value to 60Gi. |
storageClass | string | Type of storage needed for each sharded cluster shard member. You may create this storage type as a StorageClass object before using it in this object specification. Note: Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed. |
-
spec.shardPodSpec.
podAffinity
¶ Type: string
Kubernetes rule to determine whether multiple MongoDB resource Pods must be co-located with other Pods. To learn more about the use cases, see Affinity and Anti-Affinity in the Kubernetes documentation.
-
spec.shardPodSpec.
podAntiAffinityTopologyKey
¶ Type: string
Default: kubernetes.io/hostname
Sets a rule to spread
MongoDB
resource Pods to different locations. A location can be a single node, rack, or region. This key defines which node label is used to determine equal location for nodes. By default, Kubernetes Operator tries to spread pods across different hosts.
-
spec.shardPodSpec.
podTemplate
¶ Type: collection
Template for the Kubernetes Pods that the MongoDB Enterprise Kubernetes Operator creates for each sharded cluster shard member.
Template values take precedence over values specified in spec.shardPodSpec.
Note
The Kubernetes Operator doesn’t validate the fields you provide in spec.shardPodSpec.podTemplate.
-
spec.shardPodSpec.podTemplate.
metadata
¶ Type: collection
Metadata for the Kubernetes Pods that the MongoDB Enterprise Kubernetes Operator creates for each sharded cluster shard member.
To review which fields you can add to spec.shardPodSpec.podTemplate.metadata, see the Kubernetes documentation.
-
spec.shardPodSpec.podTemplate.
spec
¶ Type: collection
Specifications of the Kubernetes Pods that the MongoDB Enterprise Kubernetes Operator creates for each sharded cluster shard member.
To review which fields you can add to spec.shardPodSpec.podTemplate.spec, see the Kubernetes PodSpec v1 core API.
Note
When you add containers to spec.shardPodSpec.podTemplate.spec.containers, the Kubernetes Operator adds them to the Kubernetes pod. These containers are appended to the containers for each sharded cluster shard member in the pod.
Use this setting to specify the CPU and RAM allocations for each pod. For examples, see the samples on GitHub.
-
spec.
shardSpecificPodSpec
¶ Type: array
List that contains StatefulSet overrides per shard.
-
spec.shardSpecificPodSpec.persistence.
single
¶ Type: collection
Has Kubernetes Operator create one Persistent Volume Claim and mount all three directories for data, journal, and logs to the same Persistent Volume.
Note
- You must set the values in this collection if spec.persistent: true.
- You may set this collection or the persistence.multiple collections but not both.
Scalar | Data Type | Description |
---|---|---|
labelSelector | string | Tag used to bind mounted volumes to directories. |
storage | string | Minimum size of Persistent Volume that should be mounted. This value is expressed as an integer followed by a unit of storage in JEDEC notation. Default value is 16Gi. Example: If the specific shard in requires 60 gigabytes of storage space, set this value to 60Gi. |
storageClass | string | Type of storage specified in a Persistent Volume Claim. You may create this storage type as a StorageClass object before using it in this object specification. Note: Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed. |
-
spec.shardSpecificPodSpec.persistence.multiple.
data
¶ Type: collection
Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for data to its own Persistent Volume.
Note
- You must set the values in this collection if spec.persistent: true.
- You may set this collection or the persistence.single collection but not both.
Scalar | Data Type | Description |
---|---|---|
labelSelector | string | Tag used to bind mounted volumes to directories. |
storage | string | Minimum storage capacity that must be available on a Kubernetes node to host the specific shard on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation. Default value is 16Gi. Example: If this MongoDB resource requires 60 gigabytes of storage space, set this value to 60Gi. |
storageClass | string | Type of storage needed for the specific shard. You may create this storage type as a StorageClass object before using it in this object specification. Note: Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed. |
-
spec.shardSpecificPodSpec.persistence.multiple.
journal
¶ Type: collection
Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for journal to its own Persistent Volume.
Note
- You must set the values in this collection if spec.persistent: true.
- You may set this collection or the persistence.single collection but not both.
Scalar | Data Type | Description |
---|---|---|
labelSelector | string | Tag used to bind mounted volumes to directories. |
storage | string | Minimum storage capacity that must be available on a Kubernetes node to host the specific shard on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation. Default value is 1Gi. Example: If this MongoDB resource requires 60 gigabytes of storage space, set this value to 60Gi. |
storageClass | string | Type of storage needed for the specific shard. You may create this storage type as a StorageClass object before using it in this object specification. Note: Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed. |
-
spec.shardSpecificPodSpec.persistence.multiple.
logs
¶ Type: collection
Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for logs to its own Persistent Volume.
Note
- You must set the values in this collection if spec.persistent: true.
- You may set this collection or the persistence.single collection but not both.
Scalar | Data Type | Description |
---|---|---|
labelSelector | string | Tag used to bind mounted volumes to directories. |
storage | string | Minimum storage capacity that must be available on a Kubernetes node to host the specific shard on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation. Default value is 3Gi. Example: If this MongoDB resource requires 60 gigabytes of storage space, set this value to 60Gi. |
storageClass | string | Type of storage needed for the specific shard. You may create this storage type as a StorageClass object before using it in this object specification. Note: Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed. |
-
spec.shardSpecificPodSpec.
podAffinity
¶ Type: string
Kubernetes rule to determine whether multiple MongoDB resource Pods must be co-located with other Pods. To learn more about the use cases, see Affinity and Anti-Affinity in the Kubernetes documentation.
-
spec.shardSpecificPodSpec.
podAntiAffinityTopologyKey
¶ Type: string
Default: kubernetes.io/hostname
Sets a rule to spread
MongoDB
resource Pods to different locations. A location can be a single node, rack, or region. This key defines which node label is used to determine equal location for nodes. By default, Kubernetes Operator tries to spread pods across different hosts.
-
spec.shardSpecificPodSpec.
podTemplate
¶ Type: collection
Template for the Kubernetes Pods that the MongoDB Enterprise Kubernetes Operator creates for the specific shard.
Template values take precedence over values specified in spec.shardSpecificPodSpec.
Note
The Kubernetes Operator doesn’t validate the fields you provide in spec.shardSpecificPodSpec.podTemplate.
-
spec.shardSpecificPodSpec.podTemplate.
metadata
¶ Type: collection
Metadata for the Kubernetes Pods that the MongoDB Enterprise Kubernetes Operator creates for the specific shard.
To review which fields you can add to spec.shardSpecificPodSpec.podTemplate.metadata, see the Kubernetes documentation.
-
spec.shardSpecificPodSpec.podTemplate.
spec
¶ Type: collection
Specifications of the Kubernetes Pods that the MongoDB Enterprise Kubernetes Operator creates for the specific shard.
To review which fields you can add to spec.shardSpecificPodSpec.podTemplate.spec, see the Kubernetes PodSpec v1 core API.
Note
When you add containers to spec.shardSpecificPodSpec.podTemplate.spec.containers, the Kubernetes Operator adds them to the Kubernetes pod. These containers are appended to the containers for the specific shard in the pod.
Use this setting to specify the CPU and RAM allocations for each pod. For examples, see the samples on GitHub.
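The sharded cluster settings above carry several rules that are easy to miss in review: options in additionalMongodConfig that the Operator overrides, agent startup values that must be strings, the single/multiple persistence exclusion, and pod templates that the Operator does not validate. The following pre-apply check is an added example, not Kubernetes Operator code; the function names and the sample resource (including the maxLogFiles key) are constructed for illustration, and the input is the dict a YAML parser would return.

```python
# Added example (not Operator code): lint the per-component settings of a
# sharded-cluster MongoDB resource against the rules stated in this reference.

# Options the page says the Operator overrides inside additionalMongodConfig.
OPERATOR_OWNED = {
    "net.port", "net.tls.certificateKeyFile", "net.tls.clusterFile",
    "net.tls.PEMKeyFile", "replication.replSetName", "security.clusterAuthMode",
    "sharding.clusterRole", "storage.dbPath", "systemLog.destination",
    "systemLog.path",
}
COMPONENTS = ("configSrv", "mongos", "shard")
POD_SPECS = ("configSrvPodSpec", "mongosPodSpec", "shardPodSpec")
REQUIRED_COUNTS = ("configServerCount", "mongosCount", "shardCount")


def flatten(config, prefix=""):
    """Yield dotted option paths from nested or already-dotted keys."""
    for key, value in (config or {}).items():
        if isinstance(value, dict):
            yield from flatten(value, f"{prefix}{key}.")
        else:
            yield f"{prefix}{key}"


def lint_pod_spec(path, pod_spec):
    """Check one *PodSpec mapping, or one shardSpecificPodSpec entry."""
    findings = []
    persistence = pod_spec.get("persistence") or {}
    if persistence.get("single") and persistence.get("multiple"):
        findings.append((f"{path}.persistence",
                         "set persistence.single or persistence.multiple, not both"))
    if "podTemplate" in pod_spec:
        findings.append((f"{path}.podTemplate",
                         "not validated by the Operator and takes precedence; review by hand"))
    return findings


def lint_sharded_cluster(resource):
    """Return (path, message) findings for a parsed MongoDB resource."""
    spec = resource.get("spec") or {}
    findings = []
    for field in REQUIRED_COUNTS:
        if type(spec.get(field)) is not int:
            findings.append((f"spec.{field}", "required integer is missing"))
    for name in COMPONENTS:
        component = spec.get(name) or {}
        for option in flatten(component.get("additionalMongodConfig")):
            if option in OPERATOR_OWNED:
                findings.append((f"spec.{name}.additionalMongodConfig.{option}",
                                 "value is overridden by the Operator"))
        startup = (component.get("agent") or {}).get("startupOptions") or {}
        for key, value in startup.items():
            if not isinstance(value, str):
                findings.append((f"spec.{name}.agent.startupOptions.{key}",
                                 "value must be a string"))
    for name in POD_SPECS:
        findings += lint_pod_spec(f"spec.{name}", spec.get(name) or {})
    for index, override in enumerate(spec.get("shardSpecificPodSpec") or []):
        findings += lint_pod_spec(f"spec.shardSpecificPodSpec[{index}]", override or {})
    return findings


# Constructed sample input with four rule violations and one review item.
SAMPLE = {
    "metadata": {"name": "my-sharded-cluster"},
    "spec": {
        "shardCount": 2, "mongosCount": 2, "configServerCount": 3,
        "persistent": True,
        "configSrv": {
            "additionalMongodConfig": {
                "net": {"tls": {"PEMKeyFile": "/tmp/server.pem"}},
                "operationProfiling": {"mode": "slowOp"},
            },
            "agent": {"startupOptions": {"maxLogFiles": 30}},  # int, not string
        },
        "shard": {"additionalMongodConfig": {"storage.dbPath": "/data/alt"}},
        "configSrvPodSpec": {"persistence": {
            "single": {"storage": "5Gi"},
            "multiple": {"data": {"storage": "16Gi"}},
        }},
        "shardPodSpec": {
            "persistence": {"single": {"storage": "60Gi"}},
            "podTemplate": {"spec": {"containers": [{"name": "sidecar"}]}},
        },
        "shardSpecificPodSpec": [{"persistence": {"multiple": {
            "data": {"storage": "60Gi"}, "journal": {"storage": "1Gi"},
            "logs": {"storage": "3Gi"},
        }}}],
    },
}

if __name__ == "__main__":
    for path, message in lint_sharded_cluster(SAMPLE):
        print(f"{path}: {message}")
```

The overridden-option finding matters most for the TLS and cluster-auth keys: a value set there never reaches the running mongod, so a review that reads only the resource file sees a configuration that is not the one deployed.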
Prometheus Settings¶
You can use Prometheus with your standalone resource, replica sets, or sharded clusters. To learn more, see Deploy a Resource to Use with Prometheus. To view an example, see MongoDB Resource with Prometheus.
The following settings apply when you use Prometheus with your MongoDB resource:
-
spec.
prometheus
¶ Type: array
Optional
List that contains the parameters for exposing metrics to Prometheus.
-
spec.prometheus.
metricsPath
¶ Type: string
Optional
Default:
"/metrics"
Human-readable string that indicates the path to the metrics endpoint. If you don’t specify this setting, the default applies.
-
spec.prometheus.
passwordSecretRef
¶ Type: object
Conditional
Object that contains the details of the secret for basic HTTP authentication. If you want to use Prometheus with your MongoDB resource, you must specify this setting.
-
spec.prometheus.passwordSecretRef.
key
¶ Type: string
Optional
Default:
"password"
Human-readable string that identifies the key in the secret that stores the password for basic HTTP authentication. If you don’t specify this setting, the default applies.
-
spec.prometheus.passwordSecretRef.
name
¶ Type: string
Conditional
Human-readable label that identifies the secret that contains the password for basic HTTP authentication. If you want to use Prometheus with your MongoDB resource, you must specify this setting.
-
spec.prometheus.
port
¶ Type: integer
Optional
Default: 9216
Number that identifies the port that the metrics endpoint will bind to. If you don’t specify this setting, the default applies.
-
spec.prometheus.
tlseSecretKeyRef
¶ Type: object
Optional
Object that contains the details of the secret for TLS authentication.
-
spec.prometheus.tlseSecretKeyRef.
key
¶ Type: string
Optional
Default:
"password"
Human-readable string that identifies the key in the secret that stores the password for TLS authentication. If you don’t specify this setting, the default applies.
-
spec.prometheus.tlseSecretKeyRef.
name
¶ Type: string
Conditional
Human-readable label that identifies the secret that contains the password for TLS authentication. If you want to use Prometheus with your MongoDB resource and you want to use TLS authentication, you must specify this setting.
-
spec.prometheus.
username
¶ Type: string
Conditional
Human-readable label that identifies the user for basic HTTP authentication. If you want to use Prometheus with your MongoDB resource, you must specify this setting.
Security Settings¶
The following security settings apply only to replica set and sharded cluster resource types:
-
spec.security.tls.
enabled
¶ Type: boolean
Default:
false
Important
spec.security.tls.enabled is deprecated starting in Kubernetes Operator version 1.19. To enable TLS, provide a value for the spec.security.certsSecretPrefix setting.
Encrypts communications using TLS certificates between:
- MongoDB hosts in a replica set or sharded cluster configuration
- Clients (mongo shell, drivers, MongoDB Compass, and others) and the MongoDB deployment
By default, net.ssl.mode is set to requireSSL. To change the TLS mode used for client and database connections, see spec.additionalMongodConfig.net.ssl.mode.
-
spec.security.tls.
ca
¶ Type: string
Provide the name of the ConfigMap that stores the CA for the MongoDB resource.
Important
If you use a custom CA to sign your TLS certificates for the MongoDB resource, you must specify this parameter.
The Kubernetes Operator requires that you name the MongoDB resource certificate ca-pem in the ConfigMap.
-
spec.security.
certsSecretPrefix
¶ Type: string
Text to prefix to the Kubernetes secrets that you created that contain your replica set’s or sharded cluster’s TLS keys and certificates.
You must prefix your secrets with <prefix>-<metadata.name>.
Example
If you call your deployment my-deployment and you set the prefix to mdb, you must name the TLS secret for the client TLS communications mdb-my-deployment-cert. Also, you must name the TLS secret for internal cluster authentication (if enabled) mdb-my-deployment-clusterfile.
To learn more about naming the secrets that contain your TLS certificates, see the topic in Deploy a Replica Set that applies to your deployment.
-
spec.security.tls.
additionalCertificateDomains
¶ Type: boolean
List of every domain that should be added to TLS certificates to each pod in this deployment. When you set this parameter, every CSR that the Kubernetes Operator transforms into a TLS certificate includes a SAN in the form <pod name>.<additional cert domain>.
Replica set resources don’t need this parameter. Use spec.connectivity.replicaSetHorizons instead.
Note
If you add this parameter to a TLS-enabled resource, Kubernetes displays an error when the resource reaches the Pending state. This error displays:
Please manually remove the |csr| in order to proceed.
To remedy this issue:
- Remove any existing CSRs so that Kubernetes can generate new CSRs. To learn how to delete a resource, see deleting resources in the Kubernetes documentation.
- Approve the CSRs after Kubernetes generates them.
-
spec.additionalMongodConfig.net.ssl.
mode
¶ Type: string
Default:
requireSSL
Specifies which sslMode is used for network connections. The following are valid options:
Value | Description |
---|---|
allowSSL | Connections between servers do not use TLS. For incoming connections, the server accepts both TLS and non-TLS. |
preferSSL | Connections between servers use TLS. For incoming connections, the server accepts both TLS and non-TLS. |
requireSSL | The server uses and accepts only TLS encrypted connections. |
-
spec.additionalMongodConfig.net.tls.
disabledProtocols
¶ Type: string
New in MongoDB version 4.2.
Prevents a MongoDB server running with TLS from accepting incoming connections that use a specific protocol or protocols. To specify multiple protocols, enter a comma separated list of protocols. For example, TLS1_0,TLS1_1.
This setting recognizes the following protocols: TLS1_0, TLS1_1, TLS1_2, and starting in MongoDB 4.0.4 (and 3.6.9), TLS1_3. If you specify an unrecognized protocol, the server won’t start.
On macOS, you can’t disable TLS1_1 and enable both TLS1_0 and TLS1_2. You must disable at least TLS1_0 or TLS1_2 also. For example, TLS1_0,TLS1_1 disables TLS1_2 on macOS.
The list of protocols that you disable replaces the default list of disabled protocols.
Starting in MongoDB version 4.0, MongoDB disables the use of TLS 1.0 if TLS 1.1+ is available on the system. To enable the disabled TLS 1.0, specify none as the value for spec.additionalMongodConfig.net.tls.disabledProtocols. To learn more about this setting, see Disable TLS 1.0.
Members of replica sets and sharded clusters must speak at least one protocol in common.
-
spec.security.
authentication
¶ Type: collection
Authentication specifications for your MongoDB deployment.
-
spec.security.authentication.
enabled
¶ Type: boolean
Default:
false
Specifies whether authentication is enabled on the Cloud Manager or Ops Manager project. If set to true, you must set an authentication mechanism in spec.security.authentication.modes.
Important
The Kubernetes Operator manages authentication for this MongoDB resource if you include this setting, even if it’s set to false. You can’t configure authentication for this resource using the Cloud Manager or Ops Manager UI or APIs while this setting exists in the resource specification.
Omit this setting if you want to manage authentication using the Cloud Manager or Ops Manager UI or APIs.
-
spec.security.authentication.
modes
¶ Type: array
Specifies the authentication mechanism that your MongoDB deployment uses. Valid values are SCRAM, SCRAM-SHA-1, MONGODB-CR, X509, and LDAP. We recommend SCRAM-SHA-256 (SCRAM) over SCRAM-SHA-1. If you specify SCRAM-SHA-1, you must also specify MONGODB-CR.
X.509 Internal Cluster Authentication
To enable X.509 internal cluster authentication for the Cloud Manager or Ops Manager project, set this value to ["X509"] and specify the following settings:
- spec.security.authentication.internalCluster: "X509"
- Provide a value for the spec.security.certsSecretPrefix setting.
If you provide more than one value for spec.security.authentication.modes, you must also specify a value for spec.security.authentication.agents.mode.
-
spec.security.authentication.
internalCluster
¶ Type: string
Specifies whether X.509 internal cluster authentication is enabled.
To enable X.509 internal cluster authentication, set to "X509". Requires that the following settings be specified:
The Kubernetes Operator accepts the following values:
- ["X509"]: X.509 internal cluster authentication is enabled.
- "" or omitted: internal cluster authentication is not enabled.
Important
After you enable internal cluster authentication, you can’t disable it.
-
spec.security.authentication.
requireClientTLSAuthentication
¶ Type: boolean
Default: false
Specifies whether the MongoDB host requires clients to connect using a TLS certificate. Defaults to true if you enable TLS authentication.
To enable TLS authentication, provide a value for the spec.security.certsSecretPrefix setting.
-
spec.security.authentication.
ldap
¶ Type: collection
Required for LDAP authentication.
Configures LDAP authentication for the Cloud Manager or Ops Manager project. To enable LDAP authentication, set spec.security.authentication.modes to ["LDAP"].
-
spec.security.authentication.ldap.
servers
¶ Type: array of strings
Required for LDAP authentication.
List of hostnames and ports of the LDAP servers. Specify hostnames with their respective ports in the following format:
-
spec.security.authentication.ldap.
timeoutMS
¶ Type: integer
Specifies how many milliseconds an authentication request should wait before timing out.
-
spec.security.authentication.ldap.
transportSecurity
¶ Type: string
Required for LDAP authentication.
Specifies whether the LDAP server accepts TLS.
If the LDAP server accepts TLS, set the value to tls. If the LDAP server doesn’t accept TLS, leave this value blank or set the value to none.
Note
If you specify a string other than none or tls, Kubernetes Operator still sets the setting to tls.
-
spec.security.authentication.ldap.
caConfigMapRef
¶ Type: collection
Required for LDAP authentication with TLS.
ConfigMap that contains a CA which validates the LDAP server’s TLS certificate.
-
spec.security.authentication.ldap.caConfigMapRef.
name
¶ Type: string
Required for LDAP authentication with TLS.
Name of the ConfigMap that contains a CA which validates the LDAP server’s TLS certificate.
-
spec.security.authentication.ldap.caConfigMapRef.
key
¶ Type: string
Required for LDAP authentication with TLS.
Field name that stores the CA which validates the LDAP server’s TLS certificate.
-
spec.security.authentication.ldap.
bindQueryUser
¶ Type: string
Required for LDAP authentication.
LDAP Distinguished Name to which MongoDB binds when connecting to the LDAP server.
-
spec.security.authentication.ldap.
bindQueryPasswordSecretRef
¶ Type: collection
Required for LDAP authentication.
Specifies the secret that contains the password with which MongoDB binds when connecting to the LDAP server.
-
spec.security.authentication.ldap.bindQueryPasswordSecretRef.
name
¶ Type: string
Required for LDAP authentication.
Name of the secret that contains the password with which MongoDB binds when connecting to the LDAP server.
The secret must contain only one password field which stores the password.
-
spec.security.authentication.ldap.
authzQueryTemplate
¶ Type: string
Required for LDAP authorization.
An RFC4515 and RFC4516 LDAP-formatted query URL template executed by MongoDB to obtain the LDAP groups that the user belongs to. The query is relative to the host or hosts specified in spec.security.authentication.ldap.servers. You can use the following tokens in the template:
- {USER}: Substitutes the authenticated username, or the transformed username, into the LDAP query.
- {PROVIDED_USER}: Substitutes the supplied username, before either authentication or LDAP transformation, into the LDAP query. (Available starting in MongoDB version 4.2)
See also
LDAP Query Templates in the MongoDB Manual
-
spec.security.authentication.ldap.
automationLdapGroupDN
¶ Type: string
The Distinguished Name (DN) of the LDAP group to which the MongoDB Agent user belongs.
This setting is required if:
- spec.security.authentication.ldap.authzQueryTemplate is present, and
- spec.security.authentication.agents.mode is LDAP or X509.
-
spec.security.authentication.ldap.
userToDNMapping
¶ Type: string
Maps the username provided to mongod or mongos for authentication to an LDAP Distinguished Name (DN).
See also
security.ldap.userToDNMapping in the MongoDB Manual
-
spec.security.authentication.ldap.
userCacheInvalidationInterval
¶ Type: integer
Specifies how many seconds MongoDB waits to flush the LDAP user cache. Defaults to 30 seconds.
-
spec.security.authentication.
agents
¶ Type: collection
MongoDB Agent authentication configuration for the Cloud Manager or Ops Manager project.
-
spec.security.authentication.agents.
mode
¶ Type: string
The authentication mechanism that the MongoDB Agents for your MongoDB deployment use. Valid values are SCRAM, SCRAM-SHA-1, MONGODB-CR, X509, and LDAP. The value you specify must also be present in spec.security.authentication.modes. We recommend SCRAM-SHA-256 (SCRAM) over SCRAM-SHA-1. If you specify SCRAM-SHA-1, you must also specify MONGODB-CR.
This setting is required if you specified more than one value for spec.security.authentication.modes.
-
spec.security.authentication.agents.
automationUserName
¶ Type: string
Name of the user that the MongoDB Agents use to interact with your MongoDB deployment. The username is mapped to an LDAP Distinguished Name (DN) according to spec.security.authentication.ldap.userToDNMapping. The resulting DN must already exist in your LDAP deployment.
This setting is required if spec.security.authentication.agents.mode is LDAP.
-
spec.security.authentication.agents.
automationPasswordSecretRef
¶ Type: collection
Details of the secret that contains the password for the spec.security.authentication.agents.automationUserName user.
This setting is required if spec.security.authentication.agents.mode is LDAP.
-
spec.security.authentication.agents.automationPasswordSecretRef.
name
¶ Type: string
Name of the secret that contains the password for the spec.security.authentication.agents.automationUserName user. You must create this secret in the same namespace to which you deploy the Kubernetes Operator.
This secret must contain one key, the value of which matches the password of the spec.security.authentication.agents.automationUserName user in your LDAP deployment.
This setting is required if spec.security.authentication.agents.mode is LDAP.
-
spec.security.authentication.agents.automationPasswordSecretRef.
key
¶ Type: string
Key in the spec.security.authentication.agents.automationPasswordSecretRef.name secret that contains the password for the user in spec.security.authentication.agents.automationUserName.
This setting is required if spec.security.authentication.agents.mode is LDAP.
-
spec.security.authentication.agents.clientCertificateSecretRef.
name
¶ Type: string
Specifies the secret that contains the MongoDB Agent’s TLS certificate. If omitted, defaults to agent-certs.
This secret must contain the following keys, the values of which are TLS certificates that can be validated by the server:
- mms-automation-agent-pem
- mms-backup-agent-pem
- mms-monitoring-agent-pem
You must create this secret in the same namespace to which you deploy the Kubernetes Operator.
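The cross-field rules stated in the spec.security.authentication settings above can be checked before a specification is applied. The following Python check is an added example, not part of the Kubernetes Operator; lint_authentication and SAMPLE are hypothetical names, and it assumes the resource's spec has already been parsed from YAML into a dict.

```python
VALID_MODES = {"SCRAM", "SCRAM-SHA-1", "MONGODB-CR", "X509", "LDAP"}

def lint_authentication(spec):
    """Return findings for spec.security.authentication (spec is a dict parsed from the resource YAML)."""
    auth = spec.get("security", {}).get("authentication")
    if auth is None:
        return []  # section omitted: nothing for this check to evaluate
    modes = auth.get("modes") or []
    agents = auth.get("agents") or {}
    ldap = auth.get("ldap") or {}
    agent_mode = agents.get("mode")
    findings = []

    if auth.get("enabled") and not modes:
        findings.append("enabled is true but modes is empty")
    findings += [f"modes: unknown value {m!r}" for m in modes if m not in VALID_MODES]
    if "SCRAM-SHA-1" in modes and "MONGODB-CR" not in modes:
        findings.append("modes: SCRAM-SHA-1 also requires MONGODB-CR")
    if len(modes) > 1 and not agent_mode:
        findings.append("agents.mode is required when modes has more than one value")
    if agent_mode and agent_mode not in modes:
        findings.append(f"agents.mode {agent_mode!r} is not listed in modes")
    if agent_mode == "LDAP":
        if not agents.get("automationUserName"):
            findings.append("agents.automationUserName is required for agents.mode LDAP")
        ref = agents.get("automationPasswordSecretRef") or {}
        for field in ("name", "key"):
            if not ref.get(field):
                findings.append(f"agents.automationPasswordSecretRef.{field} is required for agents.mode LDAP")
    if ldap.get("authzQueryTemplate") and agent_mode in ("LDAP", "X509") \
            and not ldap.get("automationLdapGroupDN"):
        findings.append("ldap.automationLdapGroupDN is required with authzQueryTemplate")
    ts = ldap.get("transportSecurity")
    if ts not in (None, "", "none", "tls"):
        findings.append(f"ldap.transportSecurity {ts!r} is unrecognized and is applied as tls")
    return findings

# Constructed sample: agent mode missing from modes, LDAP agent fields absent, odd transportSecurity.
SAMPLE = {"security": {"authentication": {
    "enabled": True,
    "modes": ["SCRAM-SHA-1", "X509"],
    "agents": {"mode": "LDAP"},
    "ldap": {"authzQueryTemplate": "{USER}?memberOf?base", "transportSecurity": "ssl"},
}}}

if __name__ == "__main__":
    for finding in lint_authentication(SAMPLE):
        print("FINDING:", finding)
```

Running the check in CI before the specification is applied surfaces these mismatches at review time.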
-
spec.security.
roles
¶ Type: array
Array that defines user-defined roles that give you fine-grained access control over your MongoDB deployment.
To enable user-defined roles, spec.security.authentication.enabled must be true.
Example
In this example, a user-defined role named customRole allows users assigned this role to:
- Insert documents into the cats collection in the pets database, and
- Find and insert documents into the dogs collection in the pets database.
-
spec.security.roles.
role
¶ Type: string
Name of the user-defined role.
-
spec.security.roles.
db
¶ Type: string
The database in which you want to store the user-defined role.
Example
admin
-
spec.security.roles.
authenticationRestrictions
¶ Type: array
Array that defines the IP address from which and to which users assigned this spec.security.roles.role can connect.
-
spec.security.roles.authenticationRestrictions.
clientSource
¶ Type: array
Array of IP addresses or CIDR blocks from which users assigned this spec.security.roles.role can connect.
MongoDB servers reject connection requests from users with this role if the requests come from a client that is not present in this array.
-
spec.security.roles.authenticationRestrictions.
serverAddress
¶ Type: array
Array of IP addresses or CIDR blocks to which users assigned this spec.security.roles.role can connect.
MongoDB servers reject connection requests from users with this role if the client requests to connect to a server that is not present in this array.
-
spec.security.roles.
privileges
¶ Type: array
Array that describes the privileges that users granted this role possess.
-
spec.security.roles.privileges.
actions
¶ Type: array
List of actions that users granted this role can perform. For a list of accepted values, see Privilege Actions in the MongoDB Manual for the MongoDB versions you deploy with the Kubernetes Operator.
-
spec.security.roles.privileges.
resource
¶ Type: collection
Resources for which the privilege actions apply.
This collection must include either:
- The spec.security.roles.privileges.resource.database and spec.security.roles.privileges.resource.collection settings, or
- The spec.security.roles.privileges.resource.cluster setting with a value of true.
-
spec.security.roles.privileges.resource.
database
¶ Type: string
Database for which the privilege actions apply.
If you provide a value for this setting, you must also provide a value for spec.security.roles.privileges.resource.collection.
-
spec.security.roles.privileges.resource.
collection
¶ Type: string
Collection in the database for which the privilege actions apply.
If you provide a value for this setting, you must also provide a value for spec.security.roles.privileges.resource.database.
-
spec.security.roles.privileges.resource.
cluster
¶ Type: boolean
Default: False
Flag that indicates that the privilege actions apply to all databases and collections in the MongoDB deployment. If omitted, defaults to false.
If set to true, do not provide values for spec.security.roles.privileges.resource.database and spec.security.roles.privileges.resource.collection.
Examples¶
- Standalone Pod
- Replica Set Pod
- Sharded Cluster Pod
The following example shows a resource specification for a standalone deployment with every setting provided:
The following example shows a resource specification for a replica set with every setting provided:
The following example shows a resource specification for a sharded cluster with every setting provided:
StatefulSet Settings¶
The following StatefulSet settings apply only to replica set and sharded cluster resource types.
-
spec.statefulSet.
spec
¶ Type: collection
Specification for the StatefulSet that the MongoDB Enterprise Kubernetes Operator creates for MongoDB resources.
-
spec.statefulSet.spec.
serviceName
¶ Type: string
Default: <resource_name>-svc and <resource_name>-svc-external
Name of the Kubernetes service to be created or used for a StatefulSet. If the service with this name already exists, the MongoDB Enterprise Kubernetes Operator doesn’t delete or recreate it. This setting lets you create your own custom services and lets the Kubernetes Operator reuse them.